--- /dev/null
+From 77251e41f89a813b4090f5199442f217bbf11297 Mon Sep 17 00:00:00 2001
+From: Eric Biggers <ebiggers@google.com>
+Date: Thu, 4 Jun 2020 11:52:53 -0700
+Subject: crypto: algboss - don't wait during notifier callback
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Eric Biggers <ebiggers@google.com>
+
+commit 77251e41f89a813b4090f5199442f217bbf11297 upstream.
+
+When a crypto template needs to be instantiated, CRYPTO_MSG_ALG_REQUEST
+is sent to crypto_chain. cryptomgr_schedule_probe() handles this by
+starting a thread to instantiate the template, then waiting for this
+thread to complete via crypto_larval::completion.
+
+This can deadlock because instantiating the template may require loading
+modules, and this (apparently depending on userspace) may need to wait
+for the crc-t10dif module (lib/crc-t10dif.c) to be loaded. But
+crc-t10dif's module_init function uses crypto_register_notifier() and
+therefore takes crypto_chain.rwsem for write. That can't proceed until
+the notifier callback has finished, as it holds this semaphore for read.
+
+Fix this by removing the wait on crypto_larval::completion from within
+cryptomgr_schedule_probe(). It's actually unnecessary because
+crypto_alg_mod_lookup() calls crypto_larval_wait() itself after sending
+CRYPTO_MSG_ALG_REQUEST.
+
+This only actually became a problem in v4.20 due to commit b76377543b73
+("crc-t10dif: Pick better transform if one becomes available"), but the
+unnecessary wait was much older.
+
+BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=207159
+Reported-by: Mike Gerow <gerow@google.com>
+Fixes: 398710379f51 ("crypto: algapi - Move larval completion into algboss")
+Cc: <stable@vger.kernel.org> # v3.6+
+Cc: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Eric Biggers <ebiggers@google.com>
+Reported-by: Kai Lüke <kai@kinvolk.io>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/algboss.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+--- a/crypto/algboss.c
++++ b/crypto/algboss.c
+@@ -188,8 +188,6 @@ static int cryptomgr_schedule_probe(stru
+ if (IS_ERR(thread))
+ goto err_put_larval;
+
+- wait_for_completion_interruptible(&larval->completion);
+-
+ return NOTIFY_STOP;
+
+ err_put_larval:
--- /dev/null
+From 7cf81954705b7e5b057f7dc39a7ded54422ab6e1 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Fri, 29 May 2020 14:54:43 +1000
+Subject: crypto: algif_skcipher - Cap recv SG list at ctx->used
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 7cf81954705b7e5b057f7dc39a7ded54422ab6e1 upstream.
+
+Somewhere along the line the cap on the SG list length for receive
+was lost. This patch restores it and removes the subsequent test
+which is now redundant.
+
+Fixes: 2d97591ef43d ("crypto: af_alg - consolidation of...")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Reviewed-by: Stephan Mueller <smueller@chronox.de>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/algif_skcipher.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+--- a/crypto/algif_skcipher.c
++++ b/crypto/algif_skcipher.c
+@@ -74,14 +74,10 @@ static int _skcipher_recvmsg(struct sock
+ return PTR_ERR(areq);
+
+ /* convert iovecs of output buffers into RX SGL */
+- err = af_alg_get_rsgl(sk, msg, flags, areq, -1, &len);
++ err = af_alg_get_rsgl(sk, msg, flags, areq, ctx->used, &len);
+ if (err)
+ goto free;
+
+- /* Process only as much RX buffers for which we have TX data */
+- if (len > ctx->used)
+- len = ctx->used;
+-
+ /*
+ * If more buffers are to be expected to be processed, process only
+ * full block size buffers.
--- /dev/null
+From 6bf6be1127f7e6d4bf39f84d56854e944d045d74 Mon Sep 17 00:00:00 2001
+From: Chen Yu <yu.c.chen@intel.com>
+Date: Fri, 22 May 2020 01:59:00 +0800
+Subject: e1000e: Do not wake up the system via WOL if device wakeup is disabled
+
+From: Chen Yu <yu.c.chen@intel.com>
+
+commit 6bf6be1127f7e6d4bf39f84d56854e944d045d74 upstream.
+
+Currently the system will be woken up via WOL(Wake On LAN) even if the
+device wakeup ability has been disabled via sysfs:
+ cat /sys/devices/pci0000:00/0000:00:1f.6/power/wakeup
+ disabled
+
+The system should not be woken up if the user has explicitly
+disabled the wake up ability for this device.
+
+This patch clears the WOL ability of this network device if the
+user has disabled the wake up ability in sysfs.
+
+Fixes: bc7f75fa9788 ("[E1000E]: New pci-express e1000 driver")
+Reported-by: "Rafael J. Wysocki" <rafael.j.wysocki@intel.com>
+Reviewed-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Cc: <Stable@vger.kernel.org>
+Signed-off-by: Chen Yu <yu.c.chen@intel.com>
+Tested-by: Aaron Brown <aaron.f.brown@intel.com>
+Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/intel/e1000e/netdev.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+--- a/drivers/net/ethernet/intel/e1000e/netdev.c
++++ b/drivers/net/ethernet/intel/e1000e/netdev.c
+@@ -6345,11 +6345,17 @@ static int __e1000_shutdown(struct pci_d
+ struct net_device *netdev = pci_get_drvdata(pdev);
+ struct e1000_adapter *adapter = netdev_priv(netdev);
+ struct e1000_hw *hw = &adapter->hw;
+- u32 ctrl, ctrl_ext, rctl, status;
+- /* Runtime suspend should only enable wakeup for link changes */
+- u32 wufc = runtime ? E1000_WUFC_LNKC : adapter->wol;
++ u32 ctrl, ctrl_ext, rctl, status, wufc;
+ int retval = 0;
+
++ /* Runtime suspend should only enable wakeup for link changes */
++ if (runtime)
++ wufc = E1000_WUFC_LNKC;
++ else if (device_may_wakeup(&pdev->dev))
++ wufc = adapter->wol;
++ else
++ wufc = 0;
++
+ status = er32(STATUS);
+ if (status & E1000_STATUS_LU)
+ wufc &= ~E1000_WUFC_LNKC;
+@@ -6406,7 +6412,7 @@ static int __e1000_shutdown(struct pci_d
+ if (adapter->hw.phy.type == e1000_phy_igp_3) {
+ e1000e_igp3_phy_powerdown_workaround_ich8lan(&adapter->hw);
+ } else if (hw->mac.type >= e1000_pch_lpt) {
+- if (!(wufc & (E1000_WUFC_EX | E1000_WUFC_MC | E1000_WUFC_BC)))
++ if (wufc && !(wufc & (E1000_WUFC_EX | E1000_WUFC_MC | E1000_WUFC_BC)))
+ /* ULP does not support wake from unicast, multicast
+ * or broadcast.
+ */
--- /dev/null
+From 1a0aa991a6274161c95a844c58cfb801d681eb59 Mon Sep 17 00:00:00 2001
+From: Masami Hiramatsu <mhiramat@kernel.org>
+Date: Tue, 12 May 2020 17:02:56 +0900
+Subject: kprobes: Fix to protect kick_kprobe_optimizer() by kprobe_mutex
+
+From: Masami Hiramatsu <mhiramat@kernel.org>
+
+commit 1a0aa991a6274161c95a844c58cfb801d681eb59 upstream.
+
+In kprobe_optimizer() kick_kprobe_optimizer() is called
+without kprobe_mutex, but this can race with other caller
+which is protected by kprobe_mutex.
+
+To fix that, expand kprobe_mutex protected area to protect
+kick_kprobe_optimizer() call.
+
+Link: http://lkml.kernel.org/r/158927057586.27680.5036330063955940456.stgit@devnote2
+
+Fixes: cd7ebe2298ff ("kprobes: Use text_poke_smp_batch for optimizing")
+Cc: Ingo Molnar <mingo@kernel.org>
+Cc: "Gustavo A . R . Silva" <gustavoars@kernel.org>
+Cc: Anders Roxell <anders.roxell@linaro.org>
+Cc: "Naveen N . Rao" <naveen.n.rao@linux.ibm.com>
+Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
+Cc: David Miller <davem@davemloft.net>
+Cc: Ingo Molnar <mingo@elte.hu>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: Ziqian SUN <zsun@redhat.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/kprobes.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/kernel/kprobes.c
++++ b/kernel/kprobes.c
+@@ -586,11 +586,12 @@ static void kprobe_optimizer(struct work
+ mutex_unlock(&module_mutex);
+ mutex_unlock(&text_mutex);
+ cpus_read_unlock();
+- mutex_unlock(&kprobe_mutex);
+
+ /* Step 5: Kick optimizer again if needed */
+ if (!list_empty(&optimizing_list) || !list_empty(&unoptimizing_list))
+ kick_kprobe_optimizer();
++
++ mutex_unlock(&kprobe_mutex);
+ }
+
+ /* Wait for completing optimization and unoptimization */
--- /dev/null
+From 9b38cc704e844e41d9cf74e647bff1d249512cb3 Mon Sep 17 00:00:00 2001
+From: Jiri Olsa <jolsa@redhat.com>
+Date: Tue, 12 May 2020 17:03:18 +0900
+Subject: kretprobe: Prevent triggering kretprobe from within kprobe_flush_task
+
+From: Jiri Olsa <jolsa@redhat.com>
+
+commit 9b38cc704e844e41d9cf74e647bff1d249512cb3 upstream.
+
+Ziqian reported lockup when adding retprobe on _raw_spin_lock_irqsave.
+My test was also able to trigger lockdep output:
+
+ ============================================
+ WARNING: possible recursive locking detected
+ 5.6.0-rc6+ #6 Not tainted
+ --------------------------------------------
+ sched-messaging/2767 is trying to acquire lock:
+ ffffffff9a492798 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_hash_lock+0x52/0xa0
+
+ but task is already holding lock:
+ ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50
+
+ other info that might help us debug this:
+ Possible unsafe locking scenario:
+
+ CPU0
+ ----
+ lock(&(kretprobe_table_locks[i].lock));
+ lock(&(kretprobe_table_locks[i].lock));
+
+ *** DEADLOCK ***
+
+ May be due to missing lock nesting notation
+
+ 1 lock held by sched-messaging/2767:
+ #0: ffffffff9a491a18 (&(kretprobe_table_locks[i].lock)){-.-.}, at: kretprobe_trampoline+0x0/0x50
+
+ stack backtrace:
+ CPU: 3 PID: 2767 Comm: sched-messaging Not tainted 5.6.0-rc6+ #6
+ Call Trace:
+ dump_stack+0x96/0xe0
+ __lock_acquire.cold.57+0x173/0x2b7
+ ? native_queued_spin_lock_slowpath+0x42b/0x9e0
+ ? lockdep_hardirqs_on+0x590/0x590
+ ? __lock_acquire+0xf63/0x4030
+ lock_acquire+0x15a/0x3d0
+ ? kretprobe_hash_lock+0x52/0xa0
+ _raw_spin_lock_irqsave+0x36/0x70
+ ? kretprobe_hash_lock+0x52/0xa0
+ kretprobe_hash_lock+0x52/0xa0
+ trampoline_handler+0xf8/0x940
+ ? kprobe_fault_handler+0x380/0x380
+ ? find_held_lock+0x3a/0x1c0
+ kretprobe_trampoline+0x25/0x50
+ ? lock_acquired+0x392/0xbc0
+ ? _raw_spin_lock_irqsave+0x50/0x70
+ ? __get_valid_kprobe+0x1f0/0x1f0
+ ? _raw_spin_unlock_irqrestore+0x3b/0x40
+ ? finish_task_switch+0x4b9/0x6d0
+ ? __switch_to_asm+0x34/0x70
+ ? __switch_to_asm+0x40/0x70
+
+The code within the kretprobe handler checks for probe reentrancy,
+so we won't trigger any _raw_spin_lock_irqsave probe in there.
+
+The problem is in outside kprobe_flush_task, where we call:
+
+ kprobe_flush_task
+ kretprobe_table_lock
+ raw_spin_lock_irqsave
+ _raw_spin_lock_irqsave
+
+where _raw_spin_lock_irqsave triggers the kretprobe and installs
+kretprobe_trampoline handler on _raw_spin_lock_irqsave return.
+
+The kretprobe_trampoline handler is then executed with already
+locked kretprobe_table_locks, and first thing it does is to
+lock kretprobe_table_locks ;-) the whole lockup path like:
+
+ kprobe_flush_task
+ kretprobe_table_lock
+ raw_spin_lock_irqsave
+ _raw_spin_lock_irqsave ---> probe triggered, kretprobe_trampoline installed
+
+ ---> kretprobe_table_locks locked
+
+ kretprobe_trampoline
+ trampoline_handler
+ kretprobe_hash_lock(current, &head, &flags); <--- deadlock
+
+Adding kprobe_busy_begin/end helpers that mark code with fake
+probe installed to prevent triggering of another kprobe within
+this code.
+
+Using these helpers in kprobe_flush_task, so the probe recursion
+protection check is hit and the probe is never set to prevent
+above lockup.
+
+Link: http://lkml.kernel.org/r/158927059835.27680.7011202830041561604.stgit@devnote2
+
+Fixes: ef53d9c5e4da ("kprobes: improve kretprobe scalability with hashed locking")
+Cc: Ingo Molnar <mingo@kernel.org>
+Cc: "Gustavo A . R . Silva" <gustavoars@kernel.org>
+Cc: Anders Roxell <anders.roxell@linaro.org>
+Cc: "Naveen N . Rao" <naveen.n.rao@linux.ibm.com>
+Cc: Anil S Keshavamurthy <anil.s.keshavamurthy@intel.com>
+Cc: David Miller <davem@davemloft.net>
+Cc: Ingo Molnar <mingo@elte.hu>
+Cc: Peter Zijlstra <peterz@infradead.org>
+Cc: stable@vger.kernel.org
+Reported-by: "Ziqian SUN (Zamir)" <zsun@redhat.com>
+Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Jiri Olsa <jolsa@kernel.org>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ arch/x86/kernel/kprobes/core.c | 16 +++-------------
+ include/linux/kprobes.h | 4 ++++
+ kernel/kprobes.c | 24 ++++++++++++++++++++++++
+ 3 files changed, 31 insertions(+), 13 deletions(-)
+
+--- a/arch/x86/kernel/kprobes/core.c
++++ b/arch/x86/kernel/kprobes/core.c
+@@ -746,16 +746,11 @@ asm(
+ NOKPROBE_SYMBOL(kretprobe_trampoline);
+ STACK_FRAME_NON_STANDARD(kretprobe_trampoline);
+
+-static struct kprobe kretprobe_kprobe = {
+- .addr = (void *)kretprobe_trampoline,
+-};
+-
+ /*
+ * Called from kretprobe_trampoline
+ */
+ __used __visible void *trampoline_handler(struct pt_regs *regs)
+ {
+- struct kprobe_ctlblk *kcb;
+ struct kretprobe_instance *ri = NULL;
+ struct hlist_head *head, empty_rp;
+ struct hlist_node *tmp;
+@@ -765,16 +760,12 @@ __used __visible void *trampoline_handle
+ void *frame_pointer;
+ bool skipped = false;
+
+- preempt_disable();
+-
+ /*
+ * Set a dummy kprobe for avoiding kretprobe recursion.
+ * Since kretprobe never run in kprobe handler, kprobe must not
+ * be running at this point.
+ */
+- kcb = get_kprobe_ctlblk();
+- __this_cpu_write(current_kprobe, &kretprobe_kprobe);
+- kcb->kprobe_status = KPROBE_HIT_ACTIVE;
++ kprobe_busy_begin();
+
+ INIT_HLIST_HEAD(&empty_rp);
+ kretprobe_hash_lock(current, &head, &flags);
+@@ -850,7 +841,7 @@ __used __visible void *trampoline_handle
+ __this_cpu_write(current_kprobe, &ri->rp->kp);
+ ri->ret_addr = correct_ret_addr;
+ ri->rp->handler(ri, regs);
+- __this_cpu_write(current_kprobe, &kretprobe_kprobe);
++ __this_cpu_write(current_kprobe, &kprobe_busy);
+ }
+
+ recycle_rp_inst(ri, &empty_rp);
+@@ -866,8 +857,7 @@ __used __visible void *trampoline_handle
+
+ kretprobe_hash_unlock(current, &flags);
+
+- __this_cpu_write(current_kprobe, NULL);
+- preempt_enable();
++ kprobe_busy_end();
+
+ hlist_for_each_entry_safe(ri, tmp, &empty_rp, hlist) {
+ hlist_del(&ri->hlist);
+--- a/include/linux/kprobes.h
++++ b/include/linux/kprobes.h
+@@ -350,6 +350,10 @@ static inline struct kprobe_ctlblk *get_
+ return this_cpu_ptr(&kprobe_ctlblk);
+ }
+
++extern struct kprobe kprobe_busy;
++void kprobe_busy_begin(void);
++void kprobe_busy_end(void);
++
+ kprobe_opcode_t *kprobe_lookup_name(const char *name, unsigned int offset);
+ int register_kprobe(struct kprobe *p);
+ void unregister_kprobe(struct kprobe *p);
+--- a/kernel/kprobes.c
++++ b/kernel/kprobes.c
+@@ -1237,6 +1237,26 @@ __releases(hlist_lock)
+ }
+ NOKPROBE_SYMBOL(kretprobe_table_unlock);
+
++struct kprobe kprobe_busy = {
++ .addr = (void *) get_kprobe,
++};
++
++void kprobe_busy_begin(void)
++{
++ struct kprobe_ctlblk *kcb;
++
++ preempt_disable();
++ __this_cpu_write(current_kprobe, &kprobe_busy);
++ kcb = get_kprobe_ctlblk();
++ kcb->kprobe_status = KPROBE_HIT_ACTIVE;
++}
++
++void kprobe_busy_end(void)
++{
++ __this_cpu_write(current_kprobe, NULL);
++ preempt_enable();
++}
++
+ /*
+ * This function is called from finish_task_switch when task tk becomes dead,
+ * so that we can recycle any function-return probe instances associated
+@@ -1254,6 +1274,8 @@ void kprobe_flush_task(struct task_struc
+ /* Early boot. kretprobe_table_locks not yet initialized. */
+ return;
+
++ kprobe_busy_begin();
++
+ INIT_HLIST_HEAD(&empty_rp);
+ hash = hash_ptr(tk, KPROBE_HASH_BITS);
+ head = &kretprobe_inst_table[hash];
+@@ -1267,6 +1289,8 @@ void kprobe_flush_task(struct task_struc
+ hlist_del(&ri->hlist);
+ kfree(ri);
+ }
++
++ kprobe_busy_end();
+ }
+ NOKPROBE_SYMBOL(kprobe_flush_task);
+
--- /dev/null
+From 0c34bb598c510e070160029f34efeeb217000f8d Mon Sep 17 00:00:00 2001
+From: Alexander Sverdlin <alexander.sverdlin@nokia.com>
+Date: Fri, 29 May 2020 14:17:10 +0200
+Subject: net: octeon: mgmt: Repair filling of RX ring
+
+From: Alexander Sverdlin <alexander.sverdlin@nokia.com>
+
+commit 0c34bb598c510e070160029f34efeeb217000f8d upstream.
+
+The removal of mips_swiotlb_ops exposed a problem in octeon_mgmt Ethernet
+driver. mips_swiotlb_ops had an mb() after most of the operations and the
+removal of the ops had broken the receive functionality of the driver.
+My code inspection has shown no other places except
+octeon_mgmt_rx_fill_ring() where an explicit barrier would be obviously
+missing. The latter function however has to make sure that "ringing the
+bell" doesn't happen before RX ring entry is really written.
+
+The patch has been successfully tested on Octeon II.
+
+Fixes: a999933db9ed ("MIPS: remove mips_swiotlb_ops")
+Cc: stable@vger.kernel.org
+Signed-off-by: Alexander Sverdlin <alexander.sverdlin@nokia.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+--- a/drivers/net/ethernet/cavium/octeon/octeon_mgmt.c
++++ b/drivers/net/ethernet/cavium/octeon/octeon_mgmt.c
+@@ -235,6 +235,11 @@ static void octeon_mgmt_rx_fill_ring(str
+
+ /* Put it in the ring. */
+ p->rx_ring[p->rx_next_fill] = re.d64;
++ /* Make sure there is no reorder of filling the ring and ringing
++ * the bell
++ */
++ wmb();
++
+ dma_sync_single_for_device(p->dev, p->rx_ring_handle,
+ ring_size_to_bytes(OCTEON_MGMT_RX_RING_SIZE),
+ DMA_BIDIRECTIONAL);
--- /dev/null
+From 9017dc4fbd59c09463019ce494cfe36d654495a8 Mon Sep 17 00:00:00 2001
+From: Paul Cercueil <paul@crapouillou.net>
+Date: Wed, 27 May 2020 13:52:23 +0200
+Subject: pwm: jz4740: Enhance precision in calculation of duty cycle
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Paul Cercueil <paul@crapouillou.net>
+
+commit 9017dc4fbd59c09463019ce494cfe36d654495a8 upstream.
+
+Calculating the hardware value for the duty from the hardware value of
+the period resulted in a precision loss versus calculating it from the
+clock rate directly.
+
+(Also remove a cast that doesn't really need to be here)
+
+Fixes: f6b8a5700057 ("pwm: Add Ingenic JZ4740 support")
+Cc: <stable@vger.kernel.org>
+Suggested-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
+Reviewed-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
+Signed-off-by: Paul Cercueil <paul@crapouillou.net>
+Signed-off-by: Thierry Reding <thierry.reding@gmail.com>
+[ukl: backport to v5.4.y and adapt commit log accordingly]
+Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/pwm/pwm-jz4740.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/pwm/pwm-jz4740.c
++++ b/drivers/pwm/pwm-jz4740.c
+@@ -108,8 +108,8 @@ static int jz4740_pwm_apply(struct pwm_c
+ if (prescaler == 6)
+ return -EINVAL;
+
+- tmp = (unsigned long long)period * state->duty_cycle;
+- do_div(tmp, state->period);
++ tmp = (unsigned long long)rate * state->duty_cycle;
++ do_div(tmp, NSEC_PER_SEC);
+ duty = period - tmp;
+
+ if (duty >= period)
--- /dev/null
+From 14ed1c908a7a623cc0cbf0203f8201d1b7d31d16 Mon Sep 17 00:00:00 2001
+From: Harry Wentland <harry.wentland@amd.com>
+Date: Thu, 28 May 2020 09:44:44 -0400
+Subject: Revert "drm/amd/display: disable dcn20 abm feature for bring up"
+
+From: Harry Wentland <harry.wentland@amd.com>
+
+commit 14ed1c908a7a623cc0cbf0203f8201d1b7d31d16 upstream.
+
+This reverts commit 96cb7cf13d8530099c256c053648ad576588c387.
+
+This change was used for DCN2 bringup and is no longer desired.
+In fact it breaks backlight on DCN2 systems.
+
+Cc: Alexander Monakov <amonakov@ispras.ru>
+Cc: Hersen Wu <hersenxs.wu@amd.com>
+Cc: Anthony Koo <Anthony.Koo@amd.com>
+Cc: Michael Chiu <Michael.Chiu@amd.com>
+Signed-off-by: Harry Wentland <harry.wentland@amd.com>
+Acked-by: Alex Deucher <alexander.deucher@amd.com>
+Reviewed-by: Nicholas Kazlauskas <nicholas.kazlauskas@amd.com>
+Reported-and-tested-by: Alexander Monakov <amonakov@ispras.ru>
+Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
+Cc: stable@vger.kernel.org
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c | 13 +++++--------
+ 1 file changed, 5 insertions(+), 8 deletions(-)
+
+--- a/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
++++ b/drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm.c
+@@ -929,7 +929,7 @@ static int dm_late_init(void *handle)
+ unsigned int linear_lut[16];
+ int i;
+ struct dmcu *dmcu = adev->dm.dc->res_pool->dmcu;
+- bool ret = false;
++ bool ret;
+
+ for (i = 0; i < 16; i++)
+ linear_lut[i] = 0xFFFF * i / 15;
+@@ -945,13 +945,10 @@ static int dm_late_init(void *handle)
+ */
+ params.min_abm_backlight = 0x28F;
+
+- /* todo will enable for navi10 */
+- if (adev->asic_type <= CHIP_RAVEN) {
+- ret = dmcu_load_iram(dmcu, params);
+-
+- if (!ret)
+- return -EINVAL;
+- }
++ ret = dmcu_load_iram(dmcu, params);
++
++ if (!ret)
++ return -EINVAL;
+
+ return detect_mst_link_for_all_connectors(adev->ddev);
+ }
drm-connector-notify-userspace-on-hotplug-after-register-complete.patch
drm-amd-display-use-kvfree-to-free-coeff-in-build_regamma.patch
drm-i915-icl-fix-hotplug-interrupt-disabling-after-storm-detection.patch
+revert-drm-amd-display-disable-dcn20-abm-feature-for-bring-up.patch
+crypto-algif_skcipher-cap-recv-sg-list-at-ctx-used.patch
+crypto-algboss-don-t-wait-during-notifier-callback.patch
+tracing-probe-fix-memleak-in-fetch_op_data-operations.patch
+kprobes-fix-to-protect-kick_kprobe_optimizer-by-kprobe_mutex.patch
+kretprobe-prevent-triggering-kretprobe-from-within-kprobe_flush_task.patch
+e1000e-do-not-wake-up-the-system-via-wol-if-device-wakeup-is-disabled.patch
+net-octeon-mgmt-repair-filling-of-rx-ring.patch
+pwm-jz4740-enhance-precision-in-calculation-of-duty-cycle.patch
--- /dev/null
+From 3aa8fdc37d16735e8891035becf25b3857d3efe0 Mon Sep 17 00:00:00 2001
+From: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
+Date: Mon, 15 Jun 2020 20:00:38 +0530
+Subject: tracing/probe: Fix memleak in fetch_op_data operations
+
+From: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
+
+commit 3aa8fdc37d16735e8891035becf25b3857d3efe0 upstream.
+
+kmemleak report:
+ [<57dcc2ca>] __kmalloc_track_caller+0x139/0x2b0
+ [<f1c45d0f>] kstrndup+0x37/0x80
+ [<f9761eb0>] parse_probe_arg.isra.7+0x3cc/0x630
+ [<055bf2ba>] traceprobe_parse_probe_arg+0x2f5/0x810
+ [<655a7766>] trace_kprobe_create+0x2ca/0x950
+ [<4fc6a02a>] create_or_delete_trace_kprobe+0xf/0x30
+ [<6d1c8a52>] trace_run_command+0x67/0x80
+ [<be812cc0>] trace_parse_run_command+0xa7/0x140
+ [<aecfe401>] probes_write+0x10/0x20
+ [<2027641c>] __vfs_write+0x30/0x1e0
+ [<6a4aeee1>] vfs_write+0x96/0x1b0
+ [<3517fb7d>] ksys_write+0x53/0xc0
+ [<dad91db7>] __ia32_sys_write+0x15/0x20
+ [<da347f64>] do_syscall_32_irqs_on+0x3d/0x260
+ [<fd0b7e7d>] do_fast_syscall_32+0x39/0xb0
+ [<ea5ae810>] entry_SYSENTER_32+0xaf/0x102
+
+Post parse_probe_arg(), the FETCH_OP_DATA operation type is overwritten
+to FETCH_OP_ST_STRING, as a result memory is never freed since
+traceprobe_free_probe_arg() iterates only over SYMBOL and DATA op types
+
+Setup fetch string operation correctly after fetch_op_data operation.
+
+Link: https://lkml.kernel.org/r/20200615143034.GA1734@cosmos
+
+Cc: stable@vger.kernel.org
+Fixes: a42e3c4de964 ("tracing/probe: Add immediate string parameter support")
+Acked-by: Masami Hiramatsu <mhiramat@kernel.org>
+Signed-off-by: Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@gmail.com>
+Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ kernel/trace/trace_probe.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/kernel/trace/trace_probe.c
++++ b/kernel/trace/trace_probe.c
+@@ -639,8 +639,8 @@ static int traceprobe_parse_probe_arg_bo
+ ret = -EINVAL;
+ goto fail;
+ }
+- if ((code->op == FETCH_OP_IMM || code->op == FETCH_OP_COMM) ||
+- parg->count) {
++ if ((code->op == FETCH_OP_IMM || code->op == FETCH_OP_COMM ||
++ code->op == FETCH_OP_DATA) || parg->count) {
+ /*
+ * IMM, DATA and COMM is pointing actual address, those
+ * must be kept, and if parg->count != 0, this is an
projects / thirdparty / kernel / stable-queue.git / commitdiff
